Sensitive Data Part of Space Shuttle Going Out of Business Sale

The agency has been selling off computers, hard drives, and other equipment associated with the Space Shuttle program as it winds down.

But the audit (PDF) by the NASA Office of the Inspector General (OIG) found security breaches at four NASA facilities: the Kennedy and Johnson Space Centers and the Ames and Langley Research Centers.

Specifically, the audit discovered that 10 computers from the Kennedy Center were released to the public even though they still contained sensitive NASA data and had failed verification testing as part of their disposal process. Another four computers with data were confiscated before they were sold.

Further, computers at the Kennedy Center’s disposal facility being prepped for sale displayed NASA IP (Internet protocol) information, which could easily give a hacker a way to break into a NASA network.

From the audit:

We attempted to determine the Agency’s risk exposure from the sale of the ten computers. We concluded that nine of the computers had been released for disposition by two NASA contractors. One of the contractors provides base operations support for Kennedy and the other works on several NASA programs that involve sensitive space related technologies. Although we could not definitively determine whether the nine computers that were sold actually contained sensitive information, our analysis of the computers we confiscated – one of which contained information subject to export control by ITAR [ International Traffic in Arms Regulations]– and the type of work performed by these contractors raises serious concerns abut the information that may have remained on the computers.

Some hard drives were stored in a publicly available dumpster. With runaway incompetence at the federal level, that’s where the whole country is headed.